
OSX.Wirelurker


First posted on 07 November 2014.
Source: Symantec

Aliases:

There are no other names known for OSX.Wirelurker.

Explanation:

The Trojan may be downloaded through pirated applications from third-party app stores or by connecting an iOS device to a compromised OS X computer.

When the Trojan is created, it creates the following files:
/tmp/machook.log
/tmp/sms.db
/tmp/AddressBook.sqlitedb
The Trojan may inject the following file into other iOS applications:
/usr/bin/stty5.11.pl
The Trojan may contact the following malicious domain and send reports back to it:
[http://]www.comeinbaby.com
The Trojan may perform the following actions:
Download updates of itself
Check if the attached iOS device is jailbroken
Spread to other iOS applications
Detect if a USB device has been added or removed
The Trojan may back up the following iOS applications if they are found on the compromised device:
com.taobao.taobao4iphone
com.alipay.iphoneclient
com.meitu.mtxx
The Trojan may steal the following information from the compromised device:
Serial number
Phone number
Model number
Product version
AppleID
Product type
Hardware serial number
Installed applications
First name
Last name
Contact information of received text messages

Last update 07 November 2014

 
